Comments (11)

gmkurtzer commented on July 17, 2024

Wow, gotta love Muscl... Can you test [master 7076943] please? Thanks!

from singularity.

truatpasteurdotfr commented on July 17, 2024

:P that's the most different distrib from CentOS that I have tested...

We are making progress, bootstrap is failing on a grsec issue:

I: Extracting zlib1g...
W: Failure trying to run: chroot /mnt mount -t proc proc /proc
W: See /mnt/debootstrap/debootstrap.log for details

RFE: maybe we can keep the debootstrap.log in case of failure in some mktemp -d place: that would help debugging :)

dmesg:
[29028.432281] grsec: From 192.168.122.1: denied mount of proc as /mnt/proc from chroot by /mnt/bin/mount[mount:20498] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/debootstrap[debootstrap:16723] uid/euid:0/0 gid/egid:0/0

we need some grsec expert here!

truatpasteurdotfr commented on July 17, 2024

bootstrap requirements:
sysctl -w kernel.grsecurity.chroot_deny_chmod=0
sysctl -w kernel.grsecurity.chroot_deny_mount=0
sysctl -w kernel.grsecurity.chroot_caps=0

I am now hitting an InstallPkg issue (plain example/debian.def):
...
I: Base system installed successfully.
Reading package lists...
Building dependency tree...
The following extra packages will be installed:
libgpm2 vim-runtime
Suggested packages:
gpm ctags vim-doc vim-scripts
The following NEW packages will be installed:
libgpm2 vim vim-runtime
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/6034 kB of archives.
After this operation, 28.5 MB of additional disk space will be used.
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (2: No such file or directory)
Selecting previously unselected package libgpm2:amd64.
(Reading database ... 9747 files and directories currently installed.)
Preparing to unpack .../libgpm2_1.20.4-6.1+b2_amd64.deb ...
Unpacking libgpm2:amd64 (1.20.4-6.1+b2) ...
Selecting previously unselected package vim-runtime.
Preparing to unpack .../vim-runtime_2%3a7.4.488-7_all.deb ...
Leaving 'diversion of /usr/share/vim/vim74/doc/help.txt to /usr/share/vim/vim74/doc/help.txt.vim-tiny by vim-runtime'
Leaving 'diversion of /usr/share/vim/vim74/doc/tags to /usr/share/vim/vim74/doc/tags.vim-tiny by vim-runtime'
Unpacking vim-runtime (2:7.4.488-7) ...
Selecting previously unselected package vim.
Preparing to unpack .../vim_2%3a7.4.488-7_amd64.deb ...
Unpacking vim (2:7.4.488-7) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up libgpm2:amd64 (1.20.4-6.1+b2) ...
Setting up vim-runtime (2:7.4.488-7) ...
Processing /usr/share/vim/addons/doc
Setting up vim (2:7.4.488-7) ...
Processing triggers for libc-bin (2.19-18+deb8u4) ...
-> cpu jumps to 100% and everything is stuck on my kvm alpine guest

truatpasteurdotfr commented on July 17, 2024

when I comment out the vim installation in the debian.def, the bootstrap completes without error
#InstallPkgs vim

truatpasteurdotfr commented on July 17, 2024

I tried a plain debootstrap from alpine then chroot + apt-get install vim -> no error

truatpasteurdotfr commented on July 17, 2024

singularity bootstrap completes when using the base container.. maybe something went wrong previously. I am erasing and retrying from scratch.

truatpasteurdotfr commented on July 17, 2024

ok, no issue from a clean container.img

truatpasteurdotfr commented on July 17, 2024

alpine:~/singularity$ sudo singularity bootstrap a.img examples/debian.def
alpine:~/singularity$ sudo singularity shell -w a.img
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
ABORT: Could not fchdir to cwd: Operation not permitted
alpine:~/singularity$ pwd
Jun 8 09:43:52 alpine kern.alert kernel: [ 3348.626911] grsec: From 192.168.122.1: denied fchdir outside of chroot to /home/tru/singularity by /usr/local/libexec/singularity/sexec[sexec:16649] uid/euid:2765/2765 gid/egid:2765/2765, parent /usr/local/libexec/singularity

alpine:~$ sudo sysctl -w kernel.grsecurity.chroot_deny_fchdir=0
alpine:~/singularity$ singularity shell a.img
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
Singularity/a.img> df
Filesystem 1K-blocks Used Available Use% Mounted on
singularity 999320 275420 671472 30% /
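
The sysctl changes in the comments above turn off system-wide grsecurity chroot restrictions, so the following added example (not Singularity code and not written by any commenter) maps the grsec denial lines quoted in this thread to the sysctl that governs them and wraps a command so the relaxed keys are restored afterwards. The function names are hypothetical, and only the mount and fchdir denials seen in the thread are mapped.

```shell
#!/bin/sh
# Added example. Denial lines are taken from the thread, trailing parent field dropped.
SAMPLE_LOG='[29028.432281] grsec: From 192.168.122.1: denied mount of proc as /mnt/proc from chroot by /mnt/bin/mount[mount:20498] uid/euid:0/0 gid/egid:0/0
[ 3348.626911] grsec: From 192.168.122.1: denied fchdir outside of chroot to /home/tru/singularity by /usr/local/libexec/singularity/sexec[sexec:16649] uid/euid:2765/2765 gid/egid:2765/2765'

# Map one kernel log line to the sysctl the thread relaxed for that denial.
# Unmapped grsec denials print "unknown"; non-grsec lines return 1.
grsec_denial_to_sysctl() {
    case "$1" in
        *"grsec:"*"denied mount of "*" from chroot by "*)
            echo kernel.grsecurity.chroot_deny_mount ;;
        *"grsec:"*"denied fchdir outside of chroot to "*)
            echo kernel.grsecurity.chroot_deny_fchdir ;;
        *"grsec:"*" denied "*) echo unknown ;;
        *) return 1 ;;
    esac
}

# Path of the binary that was denied: the text between " by " and "[".
grsec_denied_binary() {
    printf '%s\n' "$1" | sed -n 's|.* denied .* by \(/[^[]*\)\[.*|\1|p'
}

# Read a kernel log on stdin; print "sysctl-key binary" once per distinct pair.
triage() {
    while IFS= read -r line; do
        key=$(grsec_denial_to_sysctl "$line") || continue
        echo "$key $(grsec_denied_binary "$line")"
    done | sort -u
}

# Run "$@" with the listed keys set to 0, then put the saved values back,
# whether or not the command succeeded. Needs root on a grsecurity kernel.
with_relaxed() {
    keys=$1; shift; saved=""
    for k in $keys; do                  # snapshot first, change nothing on error
        v=$(sysctl -n "$k") || return 1
        saved="$saved $k=$v"
    done
    for k in $keys; do sysctl -w "$k=0" >/dev/null; done
    "$@" && rc=0 || rc=$?
    for kv in $saved; do sysctl -w "$kv" >/dev/null; done
    return "$rc"
}

printf '%s\n' "$SAMPLE_LOG" | triage
```

For the bootstrap step, the call would be `with_relaxed "kernel.grsecurity.chroot_deny_mount kernel.grsecurity.chroot_deny_chmod kernel.grsecurity.chroot_caps" singularity bootstrap a.img examples/debian.def`, run as root. The wrapper does not restore the values if it is killed by a signal.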

gmkurtzer commented on July 17, 2024

Are you using the most recent master branch?

I made a bunch of changes to the bind code and now using a configuration file. I wonder if my code has an issue there.

Also aside from the <<< issues that you identified, are there any other changes you have that will need committing? Will you send me a PR?

gmkurtzer commented on July 17, 2024

@truatpasteurdotfr is this still an issue on master?

Thanks!

truatpasteurdotfr commented on July 17, 2024

the arch logic works 👍